From owner-freebsd-current@FreeBSD.ORG Fri Jun 29 16:33:31 2007 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 8729516A400 for ; Fri, 29 Jun 2007 16:33:31 +0000 (UTC) (envelope-from sgk@troutmask.apl.washington.edu) Received: from troutmask.apl.washington.edu (troutmask.apl.washington.edu [128.208.78.105]) by mx1.freebsd.org (Postfix) with ESMTP id 6B1AB13C43E for ; Fri, 29 Jun 2007 16:33:31 +0000 (UTC) (envelope-from sgk@troutmask.apl.washington.edu) Received: from troutmask.apl.washington.edu (localhost.apl.washington.edu [127.0.0.1]) by troutmask.apl.washington.edu (8.14.1/8.13.8) with ESMTP id l5TGWpBY006393; Fri, 29 Jun 2007 09:32:51 -0700 (PDT) (envelope-from sgk@troutmask.apl.washington.edu) Received: (from sgk@localhost) by troutmask.apl.washington.edu (8.14.1/8.13.8/Submit) id l5TGWlw4006392; Fri, 29 Jun 2007 09:32:47 -0700 (PDT) (envelope-from sgk) Date: Fri, 29 Jun 2007 09:32:47 -0700 From: Steve Kargl To: David Malone Message-ID: <20070629163247.GA6373@troutmask.apl.washington.edu> References: <20070628014311.GA50012@troutmask.apl.washington.edu> <20070629105140.GA51586@walton.maths.tcd.ie> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20070629105140.GA51586@walton.maths.tcd.ie> User-Agent: Mutt/1.4.2.2i Cc: freebsd-current@freebsd.org Subject: Re: SYNCOOKIE authentication problems X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Jun 2007 16:33:31 -0000 On Fri, Jun 29, 2007 at 11:51:40AM +0100, David Malone wrote: > On Wed, Jun 27, 2007 at 06:43:11PM -0700, Steve Kargl wrote: > > Any advice on how to isolate or avoid? > > > > Jun 27 18:31:19 node11 kernel: TCP: [192.168.0.11]:59661 to > > [192.168.0.11]:63266 tcpflags 0x10; syncache_expand: Segment failed > > SYNCOOKIE authentication, segment rejected (probably spoofed) > > It looks like you tried to open a TCP connection to yourself, but > the connection failed. You could try leaving a tcpdump running: > > tcpdump -i whatever_interface -w /tmp/synfinrstdata -s 1500 'tcp[tcpflags] & (tcp-syn|tcp-fin|tcp-rst) != 0' > > while your MPI app runs and then we can have a look at the packets > that caused the problem. The above should collect all TCP SYN, FIN > and RST packets, which would probably be enough to diagnose the > problem. > I placed synfinrstdata.gz at http://troutmask.apl.washington.edu/~kargl/synfinrstdata.gz The following were in /var/log/messages Jun 29 09:21:58 node11 kernel: TCP: [192.168.0.12]:54528 to [192.168.0.11]:52690 tcpflags 0x10; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) Jun 29 09:22:01 node11 kernel: TCP: [192.168.0.15]:62391 to [192.168.0.11]:60621 tcpflags 0x10; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) Jun 29 09:26:43 node11 kernel: TCP: [192.168.0.11]:59578 to [192.168.0.11]:53378 tcpflags 0x10; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) Jun 29 09:27:51 node11 kernel: bge0: promiscuous mode disabled Jun 29 09:28:05 node11 kernel: TCP: [192.168.0.11]:64006 to [192.168.0.11]:53378 tcpflags 0x10; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) -- Steve